Cryptology ePrint Archive: Report 2016/1063

LPAD: Building Secure Enclave Storage using Authenticated Log-Structured Merge Trees

Yuzhe (Richard) Tang, Ju Chen

Abstract: With the advent of commercial trusted execution environments (e.g., Intel Software Guard Extensions, SGX), an important research task is building trustworthy software systems on top of the TEE, which will enable a wide range of security applications on third-party clouds.

This work aims at building secure and high-performance storage systems for safe data outsourcing. It takes modern key-value stores that adopt the log-structured merge tree (LSM) design, such as Google LevelDB, as the storage substrate. We propose the Log-structured Persistent Authenticated Dictionary (LPAD), a security protocol that specifies the workflow of an LSM tree for the Intel SGX architecture. We build a secure storage system that follows the LPAD protocol and is based on Google LevelDB. When building the system, we study a range of software-partitioning strategies that trade off performance overhead against the size of the trusted computing base.
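To make the abstract's idea concrete, the following is an added toy illustration (written for this page, not code from the LPAD paper or from LevelDB): the enclave keeps only a memtable and one Merkle root per immutable sorted run, the runs themselves sit in untrusted memory, and every read from a run must come with a Merkle inclusion proof that the enclave checks against its root. Compaction runs on the trusted side and re-authenticates each input run before merging. All names here (EnclaveStore, UntrustedRun, the leaf and node tags) are this example's own assumptions, and it proves membership only; a real authenticated dictionary would also prove non-membership and range results, which this sketch leaves out.

```python
import bisect
import hashlib
from typing import Dict, List, Optional, Tuple

# Hypothetical toy of an authenticated LSM-style store; not LPAD's actual protocol.


def _h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 over parts, so (a, bc) and (ab, c) never collide."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()


def leaf_hash(key: bytes, value: bytes) -> bytes:
    return _h(b"leaf", key, value)


def _next_level(level: List[bytes]) -> List[bytes]:
    """One Merkle level up; an odd trailing node is carried up unchanged."""
    return [_h(b"node", level[i], level[i + 1]) if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)]


def merkle_root(leaves: List[bytes]) -> bytes:
    if not leaves:
        return _h(b"empty")
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def merkle_proof(leaves: List[bytes], idx: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from leaf idx to the root; the bool says the sibling is on the left."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        sib = idx ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < idx))
        level, idx = _next_level(level), idx // 2
    return proof


def verify_proof(leaf: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    h = leaf
    for sib, sib_is_left in proof:
        h = _h(b"node", sib, h) if sib_is_left else _h(b"node", h, sib)
    return h == root


class UntrustedRun:
    """An immutable sorted run (SSTable analogue) kept outside the enclave; the host may alter it."""
    def __init__(self, entries: List[Tuple[bytes, bytes]]):
        self.entries = sorted(entries)
        self.keys = [k for k, _ in self.entries]

    def lookup(self, key: bytes) -> Optional[Tuple[bytes, List[Tuple[bytes, bool]]]]:
        i = bisect.bisect_left(self.keys, key)
        if i < len(self.keys) and self.keys[i] == key:
            leaves = [leaf_hash(k, v) for k, v in self.entries]
            return self.entries[i][1], merkle_proof(leaves, i)
        return None  # absence is not proved in this toy


class EnclaveStore:
    """Trusted side: a memtable plus one Merkle root per run; runs themselves live in untrusted memory."""
    def __init__(self, memtable_limit: int = 2):
        self.memtable: Dict[bytes, bytes] = {}
        self.runs: List[Tuple[UntrustedRun, bytes]] = []  # newest first
        self.limit = memtable_limit

    def _seal(self, entries) -> Tuple[UntrustedRun, bytes]:
        """Compute the root inside the enclave, then hand the entries to untrusted storage."""
        entries = sorted(entries)
        root = merkle_root([leaf_hash(k, v) for k, v in entries])
        return UntrustedRun(entries), root

    def put(self, key: bytes, value: bytes) -> None:
        self.memtable[key] = value
        if len(self.memtable) >= self.limit:
            self.flush()

    def flush(self) -> None:
        if self.memtable:
            self.runs.insert(0, self._seal(self.memtable.items()))
            self.memtable = {}

    def get(self, key: bytes) -> Optional[bytes]:
        if key in self.memtable:
            return self.memtable[key]
        for run, root in self.runs:
            found = run.lookup(key)
            if found is None:
                continue
            value, proof = found
            if not verify_proof(leaf_hash(key, value), proof, root):
                raise ValueError("authentication failure: run data does not match enclave root")
            return value
        return None

    def compact(self) -> None:
        """Merge all runs into one: re-authenticate every input run, newest value wins."""
        merged: Dict[bytes, bytes] = {}
        for run, root in reversed(self.runs):  # oldest first so newer entries overwrite
            if merkle_root([leaf_hash(k, v) for k, v in run.entries]) != root:
                raise ValueError("authentication failure during compaction")
            merged.update(run.entries)
        self.runs = [self._seal(merged.items())]


def demo_tamper_detection() -> bool:
    """Constructed scenario: the host edits a run file; the enclave-side read must reject it."""
    store = EnclaveStore(memtable_limit=2)
    for k, v in [(b"a", b"1"), (b"b", b"2"), (b"c", b"3"), (b"a", b"9")]:
        store.put(k, v)
    if store.get(b"a") != b"9":       # newest run shadows the older value
        return False
    run, _ = store.runs[-1]           # oldest run holds a -> 1, b -> 2
    run.entries[1] = (b"b", b"HACK")  # host modifies the untrusted run
    try:
        store.get(b"b")
        return False
    except ValueError:
        return True
```

The security-relevant point is where the roots are computed: always from data the enclave already holds (the memtable at flush time, the verified merge output at compaction time), never from what the host hands back. The trusted state stays at one hash per run, which is what keeps the enclave's footprint small even as the untrusted runs grow.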

We evaluate the LPAD storage for three salient features: formal security in terms of strong data authenticity, low performance overhead, and a small trusted computing base (TCB). On the latter two aspects, our evaluation shows that the LPAD-based system has a small trusted program and that its performance overhead is low, typically a 12% to 40% slowdown.

Category / Keywords: SGX, TEE, hash functions, authentication codes

Date: received 13 Nov 2016, last revised 26 Apr 2018

Contact author: ytang100 at syr edu



Short URL: ia.cr/2016/1063
